Qantas latest in string of cyber attacks on the aviation sector globally
Reports of a significant cyber-attack targeting Qantas have raised concern across the aviation sector, with cybersecurity experts pointing the finger at the threat group known as Scattered Spider. The breach, whose scope has yet to be fully assessed, has resulted in the exposure of personal data including customer names, email addresses, phone numbers, birth dates, and frequent flyer numbers, according to an initial review by Qantas. As the repercussions begin to unfold, the attack is already prompting urgent discussions on industry preparedness and response.
Mark Thomas, Director of Security Services, ANZ at Arctic Wolf, believes the recent Qantas incident sits within an escalating trend that sees the financially motivated Scattered Spider group targeting airlines worldwide. "The security industry is witnessing Scattered Spider, a financially motivated threat group, coordinate attacks on the global aviation industry. What makes this trend particularly alarming is its scale and coordination, with fresh reports that Qantas is the latest victim in a string of attacks following North America's Hawaiian Airlines and WestJet," he said.
Thomas, who brings over twenty years of experience in cybersecurity consulting, described the tactics employed by Scattered Spider. The group, notorious for sector-specific campaigns, was also linked to the high-profile M&S data breach in the United Kingdom back in May. He noted, "A known technique of Scattered Spider is posing as IT staff to gain employee passwords or multi-factor authentication (MFA) codes. It is plausible they are executing a similar playbook, employing sophisticated social engineering techniques to gain initial access into victims' networks."
Scattered Spider's brand of cybercrime is especially challenging for defenders because of its amorphous organisational structure. John Hultquist, Chief Analyst at Google Threat Intelligence Group, explained: "The group known as Scattered Spider is somewhat amorphous. Actors pass in and out and the associations aren't extremely firm. That can make it hard to do attribution and it can make it hard to completely put a stop to their activity."
Hultquist added that Scattered Spider typically targets sectors in waves, making them even harder to contain. "There's an opportunity... to take proactive action, especially against the preferred tactics of these actors, like social engineering," he said, highlighting the importance of anticipating and defending against these recurring attack methods.
The exact details of the Qantas breach remain under examination, but early reports from Tenable indicate no evidence yet that stolen data has been offered for sale on illicit markets. Satnam Narang, Senior Staff Research Engineer at Tenable, echoed the growing concerns about potential knock-on effects for breached customers. "For users whose personal information may have been exposed, the biggest risk is follow-on social engineering attacks targeted against them," Narang warned. He suggested that if passwords are found to be part of the exposure, credential stuffing - where attackers attempt to reuse stolen credentials on other sites - could become prevalent.
Despite these risks, Narang stopped short of advising immediate password changes until the full picture is known, instead recommending ongoing vigilance: "Users should ensure they use strong and unique passwords on each site, but most importantly, be sure that multifactor authentication (MFA) is enabled on sensitive accounts to prevent credential stuffing attacks from being successful."
The latest incident underscores a need for proactive defence, as attacks by groups like Scattered Spider intensify in complexity and frequency. The aviation sector's interconnected systems, reliance on third parties, and sensitive customer data continue to make it a lucrative target for cybercriminals operating with concerted focus. With authorities, analysts, and industry leaders alike now watching closely, the Qantas attack is likely to shape not only the immediate response, but broader conversations around cyber risk, resilience, and public trust in international travel.